
<?php
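// Resolve the id of the reference being edited. Both candidates come straight
// from the client (`pid` in the query string, `pro_id` from the posted form),
// so each is validated as a positive integer. The previous loose comparison
// let values such as "1abc" through and raised notices when a key was missing.
$id_rule = array('options' => array('min_range' => 1));
$deId = filter_var(isset($_GET['pid']) ? $_GET['pid'] : '', FILTER_VALIDATE_INT, $id_rule);
if ($deId === false) {
    // `pid` is absent or not a positive integer: fall back to the form field.
    $deId = filter_var(isset($_POST['pro_id']) ? $_POST['pro_id'] : '', FILTER_VALIDATE_INT, $id_rule);
}

if ($deId === false) {
    // No usable id at all: return to the overview page and stop this script.
    // NOTE(review): header() must run before any output is sent — confirm that
    // nothing (not even a blank line ahead of the opening tag) is emitted first.
    header('Location: referentie_list.php');
    exit;
}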
error_reporting(E_ALL);
include_once('controller/includes/constants.php');
include_once('controller/includes/db_access.php');

// we first include the upload class, as we will need it here to deal with the uploaded file
include_once('controller/class.upload/class.upload.php');
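// Command-line use: copy positional arguments onto the request keys the rest of
// the script reads. The SAPI is checked as well, because on web SAPIs
// $argc/$argv can be filled from the query string when register_argc_argv is
// enabled, which would let a browser request pass for a CLI call.
$cli = (PHP_SAPI === 'cli' && isset($argc) && $argc > 1);
if ($cli) {
    if (isset($argv[1])) $_GET['file'] = $argv[1];
    if (isset($argv[2])) $_GET['dir'] = $argv[2];
    if (isset($argv[3])) $_GET['pics'] = $argv[3];
}

// set variables
// Destination directories. From the command line the operator's values are
// used as given. In a web request `dir` and `pics` are client-controlled and
// decide where uploaded files are written, so only a single plain directory
// name is accepted there (no separators, dots or absolute paths); anything
// else falls back to the default.
// NOTE(review): if no web caller needs to choose the directory, a fixed
// server-side value would be safer still.
$dir_default = 'test';
$dir_name_rule = '/\A[A-Za-z0-9_-]+\z/';

$dir_dest = (isset($_GET['dir']) && is_string($_GET['dir'])) ? $_GET['dir'] : $dir_default;
if (!$cli && !preg_match($dir_name_rule, $dir_dest)) {
    $dir_dest = $dir_default;
}

$dir_pics = (isset($_GET['pics']) && is_string($_GET['pics'])) ? $_GET['pics'] : $dir_dest;
if (!$cli && !preg_match($dir_name_rule, $dir_pics)) {
    $dir_pics = $dir_dest;
}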

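// Protection against XSS attacks.
/**
 * Entity-encode a submitted text value before it is stored.
 *
 * The value is trimmed, converted from UTF-8 to ISO-8859-1, entity-encoded
 * (including both kinds of quotes, so the result cannot break out of a quoted
 * HTML attribute), has "#" and "%" replaced by numeric entities, and is
 * optionally cut to a maximum length.
 *
 * Escaping at input time only covers HTML contexts; code that prints the
 * stored value elsewhere still has to escape for its own context.
 *
 * @param mixed    $chaine   Raw submitted value; non-scalar input (for example
 *                           an array from `field[]=x`) is treated as empty.
 * @param int|null $longueur Maximum length in bytes of the encoded result;
 *                           null or a value below 1 means no limit.
 * @return string The encoded (and possibly shortened) text.
 */
function transforme_HTML($chaine, $longueur = null) {
    // Request values can be arrays; trim() and htmlentities() only accept strings.
    if (!is_scalar($chaine)) {
        $chaine = '';
    }
    // Remove surrounding whitespace.
    $chaine = trim((string) $chaine);
    // Convert UTF-8 to ISO-8859-1; characters outside that range become "?".
    $chaine = utf8_decode($chaine);
    // Encode HTML-special characters. The charset is passed explicitly so it
    // matches the ISO-8859-1 bytes produced above: with a UTF-8 default,
    // htmlentities() returns an empty string for any accented character here.
    $chaine = htmlentities($chaine, ENT_COMPAT, 'ISO-8859-1');
    $chaine = str_replace("#", "&#35;", $chaine);
    $chaine = str_replace("%", "&#37;", $chaine);
    // Apostrophes are encoded last because their numeric entity contains "#",
    // which the replacement above would otherwise mangle.
    $chaine = str_replace("'", "&#039;", $chaine);
    $longueur = intval($longueur);
    if ($longueur > 0) {
        $chaine = substr($chaine, 0, $longueur);
        // Every "&" left in the text starts an entity, so a trailing "&..."
        // without ";" is an entity that the cut split in half: drop it.
        $chaine = preg_replace('/&[^;]*\z/', '', $chaine);
    }
    return $chaine;
}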

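// Handle a submitted edit form (action=multiple): update the text fields of the
// reference and, when a new picture was uploaded, store a 150px thumbnail
// (img1) and a 600px version (img2) of it.
// NOTE(review): no session/permission check or CSRF token is visible in this
// script — confirm the included files restrict who may reach this handler.
$action = isset($_POST['action']) ? $_POST['action'] : (isset($_GET['action']) ? $_GET['action'] : '');

if ($action === 'multiple') {

    // Text fields are entity-encoded by transforme_HTML(); a missing field is
    // treated as empty instead of raising an undefined-index notice.
    $naam = transforme_HTML(isset($_POST['bedrijfsnaam']) ? $_POST['bedrijfsnaam'] : '');
    $reftekst = transforme_HTML(isset($_POST['reftekst']) ? $_POST['reftekst'] : '');
    $reflangtekst = transforme_HTML(isset($_POST['reflangtekst']) ? $_POST['reflangtekst'] : '');
    $plaat = transforme_HTML(isset($_POST['plaat']) ? $_POST['plaat'] : '');

    // The form only offers Y and N; any other value is ignored.
    $aktief = (isset($_POST['aktief']) && in_array($_POST['aktief'], array('Y', 'N'), true))
        ? $_POST['aktief']
        : null;

    // Row to update; reduced to an integer before it reaches the WHERE clause.
    $pro_id = (isset($_POST['pro_id']) && is_scalar($_POST['pro_id'])) ? (int) $_POST['pro_id'] : 0;

    // Columns written on every save.
    // NOTE(review): the values are handed to Query as they are — confirm that
    // Query escapes or binds them before building the SQL.
    $velden = array(
        '`referentienaam`' => $naam,
        '`korte_tekst`' => $reftekst,
        '`lange_tekst`' => $reflangtekst,
        '`ref_plaats`' => $plaat,
    );
    if ($aktief !== null) {
        // Only touch the flag when the user actually picked Ja or Nee.
        $velden['`aktief`'] = $aktief;
    }

    // A file input that was left empty is still present in $_FILES, carrying
    // UPLOAD_ERR_NO_FILE, so its presence alone does not mean a file arrived.
    // (The original test was inverted and only entered the upload branch when
    // the field was missing.)
    $has_file = isset($_FILES['my_field'])
        && is_array($_FILES['my_field'])
        && isset($_FILES['my_field']['error'])
        && $_FILES['my_field']['error'] !== UPLOAD_ERR_NO_FILE;

    if ($has_file) {
        // ---------- SIMPLE UPLOAD ----------

        // we create an instance of the class, giving as argument the PHP object
        // corresponding to the file field from the form
        // All the uploads are accessible from the PHP object $_FILES
        $handle = new Upload($_FILES['my_field']);

        if ($handle->uploaded) {
            $saved = false;

            // First pass: thumbnail. Only images are accepted; the settings are
            // applied again before the second pass, as the original did.
            $handle->allowed = array('image/*');
            $handle->image_resize = true;
            $handle->image_ratio = true;
            $handle->image_y = 150;
            $handle->image_x = 150;

            // copy the uploaded file from its temporary location to $dir_dest
            $handle->Process($dir_dest);

            if ($handle->processed) {
                // The row is only written once the thumbnail exists, so the
                // query is built and run inside this branch.
                $q = new Query;
                $q
                    ->update('`referenties`')
                    ->set($velden + array('`img1`' => $handle->file_dst_name))
                    ->from('`referenties`')
                    ->where_equal_to(array('`referenties`.`referentie_id`' => $pro_id))
                    ->limit(1);

                $result = $q->run();

                if ($result && $q->get_affected() > 0) {
                    // Second pass: the larger version of the same upload.
                    $handle->allowed = array('image/*');
                    $handle->image_resize = true;
                    $handle->image_ratio = true;
                    $handle->image_y = 600;
                    $handle->image_x = 600;

                    $handle->Process($dir_dest);

                    if ($handle->processed) {
                        // get_affected() is a row count, not an id: the second
                        // update has to address the same row through $pro_id.
                        $q_set = new Query;
                        $q_set->update('`referenties`')
                            ->set(array('`img2`' => $handle->file_dst_name))
                            ->where_equal_to(array('`referenties`.`referentie_id`' => $pro_id));

                        $result2 = $q_set->run();
                        $saved = ($result2 && $q_set->get_affected() > 0);
                    } else {
                        echo '  Error: ' . htmlspecialchars((string) $handle->error, ENT_QUOTES, 'UTF-8') . '';
                    }
                } else {
                    // one error occured
                    echo '  Error: ' . htmlspecialchars((string) $handle->error, ENT_QUOTES, 'UTF-8') . '';
                }
            } else {
                // the thumbnail could not be produced
                echo '  Error: ' . htmlspecialchars((string) $handle->error, ENT_QUOTES, 'UTF-8') . '';
            }

            // we delete the temporary files
            $handle->Clean();

            if ($saved) {
                // Stop after the redirect so the form below is not rendered as well.
                header('Location: referentie_list.php');
                exit;
            }
        } else {
            // if we're here, the upload file failed for some reasons
            // i.e. the server didn't receive the file
            echo '  Error: ' . htmlspecialchars((string) $handle->error, ENT_QUOTES, 'UTF-8') . '';
        }
    } else {
        // No new picture: update the text fields only.
        $q = new Query;
        $q
            ->update('`referenties`')
            ->set($velden)
            ->from('`referenties`')
            ->where_equal_to(array('`referenties`.`referentie_id`' => $pro_id))
            ->limit(1);

        $result = $q->run();

        // NOTE(review): a save that changes nothing may report 0 affected rows
        // and then falls through to re-render the form — confirm that is intended.
        if ($result && $q->get_affected() > 0) {
            header('Location: referentie_list.php');
            exit;
        }
    }
}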
?>
<?php
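// Load the reference being edited so the form below can be pre-filled.
// $rows always ends up as an object carrying the four properties the form
// reads, so the template never dereferences an undefined variable (which
// happened when `pid` was missing or no row matched).
$rows = (object) array(
    'referentienaam' => '',
    'korte_tekst' => '',
    'lange_tekst' => '',
    'ref_plaats' => '',
);

if (isset($_GET['pid'])) {

    // Client-supplied id: reduce it to an integer before it reaches the query.
    $id = is_scalar($_GET['pid']) ? (int) $_GET['pid'] : 0;
    $q = new Query;
    $q
        ->select('*')
        ->from('`referenties`')
        ->where_equal_to(
            array(
                '`referenties`.`referentie_id`' => $id,
            )
        );

    $result = $q->run();

    // NOTE(review): mysql_fetch_object() belongs to the mysql extension, which
    // was removed in PHP 7 — this depends on how Query talks to the database.
    $found = $result ? mysql_fetch_object($result) : false;

    if ($found) {
        $rows = $found;
    } else {
        // Either the query failed or no row has this id.
        echo 'No product found.' . "\n";
    }
}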
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

        <style>
            body {
            }
            fieldset {
                width: 80%;
                background: url(bg.gif);
                margin: 15px 0px 25px 0px;
                padding: 15px;
            }
            legend {
                font-weight: bold;
            }
            fieldset img {
                float: right;
            }
            fieldset p {
                font-size: inherit;
                font-style: normal;

            }
            fieldset p input {

                display: block;
                margin-left:20px;
                font-style: normal;

            }
            .button {
                text-align: right;
            }
            .button input {
                font-weight: bold;
            }
        </style>

    </head>
    <body>  
        <table border="0" cellspacing="5" cellpadding="5">
            <thead>
                <tr>
                    <th colspan="2"><?php include_once('controller/includes/header.php'); ?></th>
                    <th></th>
                </tr>
            </thead>
            <tbody>
                <tr>
                    <td colspan="2">
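                        <?php
                        // Everything echoed into the form is escaped for its HTML context first.
                        // PHP_SELF and the id come from the request; the text values come from
                        // the database. double_encode is switched off for the stored texts
                        // because transforme_HTML() already saved them entity-encoded.
                        $form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

                        // Keep the id as an integer; after a failed POST the query string has
                        // no `pid`, so the posted `pro_id` is used to keep the form bound to its row.
                        $form_pid = '';
                        if (isset($_GET['pid']) && is_scalar($_GET['pid'])) {
                            $form_pid = (int) $_GET['pid'];
                        } elseif (isset($_POST['pro_id']) && is_scalar($_POST['pro_id'])) {
                            $form_pid = (int) $_POST['pro_id'];
                        }

                        $form_naam = isset($rows->referentienaam) ? htmlspecialchars($rows->referentienaam, ENT_QUOTES, 'UTF-8', false) : '';
                        $form_korte = isset($rows->korte_tekst) ? htmlspecialchars($rows->korte_tekst, ENT_QUOTES, 'UTF-8', false) : '';
                        $form_lange = isset($rows->lange_tekst) ? htmlspecialchars($rows->lange_tekst, ENT_QUOTES, 'UTF-8', false) : '';
                        $form_plaats = isset($rows->ref_plaats) ? htmlspecialchars($rows->ref_plaats, ENT_QUOTES, 'UTF-8', false) : '';
                        ?>
                        <form name="form1" method="POST" action="<?php echo $form_action; ?>" enctype="multipart/form-data">
                            <input type="hidden" name="action" value="multiple" />
                             <input type="hidden" name="pro_id" value="<?php echo $form_pid; ?>" />
                            <div>
                                <fieldset>
                                    <legend>referenties</legend>
                                    <p>referentienaam:<input type = "text" name="bedrijfsnaam" value="<?php echo $form_naam; ?>" placeholder="limelight bv."/> </p>
                                    <?php // The echo sits directly between the textarea tags so that template indentation does not become part of the value. ?>
                                    <p>ref. korte tekst:<textarea name="reftekst" rows="4" cols="40"><?php echo $form_korte; ?></textarea></p>
                                    <p>ref.lange tekst:<textarea name="reflangtekst" rows="8" cols="40"><?php echo $form_lange; ?></textarea></p>
                                    <p>ref. plaats:<input type = "text"  value="<?php echo $form_plaats; ?>" required = "required" name="plaat" placeholder="Amsterdam" /> </p>
                                    <p>foto:<input type = "file" name="my_field" value="" /> </p>
                                    <p><input name="aktief" type="radio"  id="aktief" value="Y" /> Ja <input name="aktief" type="radio"  id="aktief" value="N" /> Nee </p>
                                    <p><input type = "submit" name="submit" value="opslaan" /> </p>
                                </fieldset>

                            </div> 

                        </form>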
                    </td>

                </tr>

            </tbody>
        </table>


    </body>

</html>
